Now
MAIN commitmail json YAML
lua-web-sanitize: update to 1.4.0
Stricter attribute value escaping
This is a critical update if you are using a custom white list with iframe
elements allowed. Due to their non-standard parsing within browsers it
maybe be possible to craft HTML to bypass sanitization by using an element
with an attribute value of a closing iframe tag. Those using the default
whitelist are not affected.
Stricter attribute value escaping
This is a critical update if you are using a custom white list with iframe
elements allowed. Due to their non-standard parsing within browsers it
maybe be possible to craft HTML to bypass sanitization by using an element
with an attribute value of a closing iframe tag. Those using the default
whitelist are not affected.